Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing Authentication Objects
Quick Start to LDAP Authentication
License:
Any
You can set up an LDAP authentication object where you customize many of the values. However, if you
just want to authenticate all the users in a particular directory, you can create an authentication object
with the base DN for that directory. If you set defaults to those for your server type and supply
authentication credentials for the account used to retrieve user data from the server, you can quickly
create an authentication object. Follow the procedure below to do so.
Note
If you prefer to consider and possibly customize each authentication setting when creating the
authentication object, use the procedure in
to create the object. If you plan to encrypt your connection to the server, set user timeouts,
customize the user name template, or assign FireSIGHT System user roles based on LDAP group
membership, use the advanced procedure.
Before you configure a connection to your LDAP server, you should collect the information that you
need to create the LDAP authentication object. For more information on specific aspects of
configuration, see
You need the following:
•
the server name or IP address for the server where you plan to connect
•
the server type of the server where you plan to connect
•
the user name and password for a user account with sufficient privileges to browse the LDAP tree;
Cisco recommends that you use a domain admin user account for this purpose
Optionally, if you want to constrain your user search further, you can add a base filter to set a specific
value for a specific attribute. The base filter focuses your search by only retrieving objects in the base
DN that have the attribute value set in the filter. Enclose the base filter in parentheses. For example, to
filter for only users with a common name starting with F, use the filter (cn=F*). When you save the
authentication object, the local appliance queries using the base filter to test it and indicates whether or
not the filter appears to be correct.
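The following Python script is an added example; it is not part of the FireSIGHT documentation or the appliance's own code. It models how the base DN and the base filter together narrow the set of directory entries that a user search returns, and shows why a value embedded in a filter (for example a login name used to build the per-user lookup) must be escaped according to RFC 4515. The sample directory entries, the base DN ou=Users,dc=example,dc=com and the user_filter helper are assumptions made for illustration.

```python
"""Added example (not FireSIGHT code): model how an LDAP base DN and base filter
together narrow the set of directory entries the appliance will see, and how
to escape filter values per RFC 4515 so a login name cannot alter the filter."""
import re

# Characters RFC 4515 section 3 requires to be escaped inside a filter value.
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample directory (DN, attributes); attribute names are lowercase.
# These entries are assumptions for illustration, not from a real server.
SAMPLE_DIRECTORY = [
    ("cn=Frank Lee,ou=Users,dc=example,dc=com",
     {"objectclass": ["person"], "cn": ["Frank Lee"], "samaccountname": ["flee"]}),
    ("cn=Fiona Park,ou=Users,dc=example,dc=com",
     {"objectclass": ["person"], "cn": ["Fiona Park"], "samaccountname": ["fpark"]}),
    ("cn=Gerald Ng,ou=Users,dc=example,dc=com",
     {"objectclass": ["person"], "cn": ["Gerald Ng"], "samaccountname": ["gng"]}),
    # Same naming pattern but outside ou=Users: a base DN of ou=Users excludes it.
    ("cn=Fax Server,ou=Devices,dc=example,dc=com",
     {"objectclass": ["device"], "cn": ["Fax Server"]}),
]
USERS_BASE_DN = "ou=Users,dc=example,dc=com"


def escape_filter_value(value: str) -> str:
    """Escape a value for safe embedding in an LDAP filter (RFC 4515)."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


def user_filter(login: str, attribute: str = "sAMAccountName") -> str:
    """Hypothetical helper: build the per-user lookup filter from a login name."""
    return f"({attribute}={escape_filter_value(login)})"


def parse_base_filter(filt: str):
    """Accept the single '(attribute=value)' form used as a base filter.
    Rejects filters missing the enclosing parentheses, as the guide requires."""
    m = re.fullmatch(r"\(([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)", filt)
    if not m:
        raise ValueError(f"expected '(attribute=value)', got {filt!r}")
    return m.group(1).lower(), m.group(2)


def _unescape(s: str) -> str:
    # Turn \xx hex escapes back into the literal character they stand for.
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), s)


def _value_pattern(value: str) -> re.Pattern:
    # An unescaped '*' is a wildcard; everything else (including \2a) is literal.
    # cn and sAMAccountName use case-insensitive matching rules in Active Directory.
    literal_parts = [re.escape(_unescape(p)) for p in value.split("*")]
    return re.compile("^" + ".*".join(literal_parts) + "$", re.IGNORECASE)


def _under_base(dn: str, base_dn: str) -> bool:
    # Subtree scope: the entry is the base itself or lies beneath it.
    dn_n, base_n = (s.replace(", ", ",").lower() for s in (dn, base_dn))
    return dn_n == base_n or dn_n.endswith("," + base_n)


def search(directory, base_dn: str, base_filter: str = "(objectClass=*)"):
    """Return the DNs under base_dn whose entry satisfies base_filter."""
    attribute, value = parse_base_filter(base_filter)
    pattern = _value_pattern(value)
    return [dn for dn, attrs in directory
            if _under_base(dn, base_dn)
            and any(pattern.match(v) for v in attrs.get(attribute, []))]


if __name__ == "__main__":
    print(search(SAMPLE_DIRECTORY, USERS_BASE_DN, "(cn=F*)"))
    print(user_filter("*)(cn=*"))   # escaped, so the injected wildcard is inert
```

With the base DN set to ou=Users,dc=example,dc=com and the base filter (cn=F*), only Frank Lee and Fiona Park are returned; the Fax Server entry also has a common name starting with F but sits under ou=Devices, so the base DN excludes it before the filter is applied. The escaping matters for the login-name lookup: an unescaped login of * would turn the lookup into (sAMAccountName=*) and match every user, whereas the escaped form (sAMAccountName=\2a) matches nothing. The same base DN and filter can be tried against the real server with the OpenLDAP ldapsearch client (ldapsearch -x -H ldap://server -D "bind DN" -W -b "base DN" "(cn=F*)") before the authentication object is saved.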
To create an LDAP authentication object:
Access:
Admin
Step 1
Select
System > Local > User Management
.
The User Management page appears.
Step 2
Click the
Login Authentication
tab.
The Login Authentication page appears.
Step 3
Click
Create Authentication Object
.
Step 4
Select
LDAP
from the
Authentication Method
drop-down list.
LDAP configuration options appear.
Step 5
Type a name and description for the authentication server in the
Name
and
Description
fields.
Step 6
Select your server type from the
Server Type
drop-down list, then click the
Set Defaults
button to configure
default settings for that type. You have the following options: